diff options
author | Michael Shuler <michael@pbandjelly.org> | 2011-12-11 17:42:46 -0600 |
---|---|---|
committer | Michael Shuler <michael@pbandjelly.org> | 2011-12-11 17:42:46 -0600 |
commit | c04ca9cf0f228920bbe786d05b1dd41cc068a60f (patch) | |
tree | 7b9b5c75c0d771b53b35db802f3243b288e68d92 | |
parent | ae03cea72e176c15c832dcfd44f03f4a558d85c4 (diff) | |
download | ca-certificates-c04ca9cf0f228920bbe786d05b1dd41cc068a60f.tar.gz |
Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | mozilla/certdata2pem.py | 12 |
2 files changed, 10 insertions, 6 deletions
diff --git a/debian/changelog b/debian/changelog index 06d6b0d..9b11eea 100644 --- a/debian/changelog +++ b/debian/changelog @@ -11,9 +11,9 @@ ca-certificates (20111025.4) UNRELEASED; urgency=low * Use 'set -e' in body of debian/postinst * Update mozilla/certdata.txt to primary Mozilla repository version 1.80 (no added/removed CAs) - ! TODO: update mozilla/certdata2pem.py to grok [NETSCAPE||NSS]... + * Update mozilla/certdata2pem.py to parse NETSCAPE or NSS data - -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 15:00:20 -0600 + -- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 17:26:19 -0600 ca-certificates (20111025) unstable; urgency=low diff --git a/mozilla/certdata2pem.py b/mozilla/certdata2pem.py index d6dfa53..3c89e92 100644 --- a/mozilla/certdata2pem.py +++ b/mozilla/certdata2pem.py @@ -92,15 +92,19 @@ if os.path.exists('blacklist.txt'): # Build up trust database. trust = dict() for obj in objects: - if obj['CKA_CLASS'] != 'CKO_NETSCAPE_TRUST': + if not (obj['CKA_CLASS'] == 'CKO_NETSCAPE_TRUST' or + obj['CKA_CLASS'] == 'CKO_NSS_TRUST'): continue if obj['CKA_LABEL'] in blacklist: print "Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'] - elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': + elif (obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR' or + obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR'): trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR': + elif (obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NETSCAPE_TRUSTED_DELEGATOR' or + obj['CKA_TRUST_EMAIL_PROTECTION'] == 'CKT_NSS_TRUSTED_DELEGATOR'): trust[obj['CKA_LABEL']] = True - elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED': + elif (obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NETSCAPE_UNTRUSTED' or + obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED'): print '!'*74 print "UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'] print '!'*74 |